Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.14
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system vdom-dns

    config system vdom-dns

    Configure DNS servers for a non-management VDOM.

    config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set dns-over-tls [disable|enable|...]
    set interface {string}
    set interface-select-method [auto|sdwan|...]
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set server-hostname <hostname1>, <hostname2>, ...
    set source-ip {ipv4-address}
    set ssl-certificate {string}
    set vdom-dns [enable|disable]
end

    config system vdom-dns

    Parameter

    Description

    Type

    Size

    dns-over-tls

    Enable/disable/enforce DNS over TLS.

    option

    -

    Option

    Description

    disable

    Disable DNS over TLS.

    enable

    Use TLS for DNS queries if TLS is available.

    enforce

    Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ip6-primary

    Primary IPv6 DNS server IP address for the VDOM.

    ipv6-address

    Not Specified

    ip6-secondary

    Secondary IPv6 DNS server IP address for the VDOM.

    ipv6-address

    Not Specified

    primary

    Primary DNS server IP address for the VDOM.

    ipv4-address

    Not Specified

    secondary

    Secondary DNS server IP address for the VDOM.

    ipv4-address

    Not Specified

    server-hostname <hostname>

    DNS server host name list.

    DNS server host name list separated by space (maximum 4 domains).

    string

    Maximum length: 127

    source-ip

    Source IP for communications with the DNS server.

    ipv4-address

    Not Specified

    ssl-certificate

    Name of local certificate for SSL connections.

    string

    Maximum length: 35

    vdom-dns

    Enable/disable configuring DNS servers for the current VDOM.

    option

    -

    Option

    Description

    enable

    Enable configuring DNS servers for the current VDOM.

    disable

    Disable configuring DNS servers for the current VDOM.
    Previous
    Next

    config system vdom-dns

    config system vdom-dns

    Configure DNS servers for a non-management VDOM.

    config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set dns-over-tls [disable|enable|...]
    set interface {string}
    set interface-select-method [auto|sdwan|...]
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set server-hostname <hostname1>, <hostname2>, ...
    set source-ip {ipv4-address}
    set ssl-certificate {string}
    set vdom-dns [enable|disable]
end

    config system vdom-dns

    Parameter

    Description

    Type

    Size

    dns-over-tls

    Enable/disable/enforce DNS over TLS.

    option

    -

    Option

    Description

    disable

    Disable DNS over TLS.

    enable

    Use TLS for DNS queries if TLS is available.

    enforce

    Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ip6-primary

    Primary IPv6 DNS server IP address for the VDOM.

    ipv6-address

    Not Specified

    ip6-secondary

    Secondary IPv6 DNS server IP address for the VDOM.

    ipv6-address

    Not Specified

    primary

    Primary DNS server IP address for the VDOM.

    ipv4-address

    Not Specified

    secondary

    Secondary DNS server IP address for the VDOM.

    ipv4-address

    Not Specified

    server-hostname <hostname>

    DNS server host name list.

    DNS server host name list separated by space (maximum 4 domains).

    string

    Maximum length: 127

    source-ip

    Source IP for communications with the DNS server.

    ipv4-address

    Not Specified

    ssl-certificate

    Name of local certificate for SSL connections.

    string

    Maximum length: 35

    vdom-dns

    Enable/disable configuring DNS servers for the current VDOM.

    option

    -

    Option

    Description

    enable

    Enable configuring DNS servers for the current VDOM.

    disable

    Disable configuring DNS servers for the current VDOM.
    Previous
    Next